In many situations, multiple parties from multiple businesses and/or other organizations collaborate on documents that are maintained within a centralized document management system. For example, multiple parties from multiple organizations may collaborate on a contract and its associated documents, to revise the contract until all parties are satisfied with it. Access to such documents is typically controlled by the centralized document management system.
For instance, document access may be governed by a set of access control rules defined by authorized users or other parties. These rules dictate who, when, and how documents can be viewed and modified. For example, a contract-negotiation process may involve parties from three organizations: the customer, a service provider, and the supplier. The contract is not normally visible to parties of organizations other than these three organizations.
However, in the absence of a sufficient access control mechanism, typically every party—e.g., such as every user—of an organization is able to access all the documents associated with the organization, which can be a large number of documents. This is disadvantageous, because it can be difficult for a given party to find a document of interest. Furthermore, all parties of an organization may not need to or should not be able to view all the documents associated with the organization, such as documents that are irrelevant to a given party's job-related duties with the organization.
Within the prior art, role-based access control has been widely used, in which every user (i.e., party) is assigned a role and all users of a given role have the same access to documents. However, this means that parties with the same role but from different organizations have the same access to documents, potentially irrespective of whether the documents are associated with the organizations in question. While some prior art provides for different document access depending on the organization a given party is associated with, the problem of parties of the same organization having identical access to documents is still present.
These and other shortcomings within the prior art are addressed by embodiments of the present invention.